@passlock/server 2.1.0

package/README.md

@@ -0,0 +1,45 @@
+<!-- 
+The pnpm script build:readme replaces tokens 
+in README.template.md and outputs to README.md 
+-->
+<div align="center">
+  <a href="https://github.com/passlock-dev/passlock">
+    <img src="https://passlock-assets.b-cdn.net/images/passlock-logo.svg" alt="Passlock logo" width="80" height="80">
+  </a>
+</div>
+
+<div align="center">
+  <picture align="center">
+    <source srcset="https://passlock-assets.b-cdn.net/images/client-repo-banner.dark.svg" media="(prefers-color-scheme: dark)" />
+    <img align="center" width=550 height=50 src="https://passlock-assets.b-cdn.net/images/client-repo-banner.svg" />
+  </picture>
+  <p align="center">
+    Server-side library to accompany the <a href="https://www.npmjs.com/package/@passlock/client">@passlock/client</a> package
+    <br />
+    <a href="https://passlock.dev"><strong>Project website »</strong></a>
+    <br />
+    <a href="https://github.com/passlock-dev/passlock">GitHub</a>
+    ·
+    <a href="https://passlock.dev">Documentation</a>
+    ·
+    <a href="https://passlock.dev/getting-started/">Quick start</a>
+    ·
+    <a href="https://passlock.dev/#demo">Demo</a>   
+  </p>
+</div>
+
+<br />
+
+## See also
+
+For frontend usage please see the accompanying [@passlock/client][client] package
+
+## Requirements
+
+Node 20+ (If running Node)
+
+## Usage
+
+Please see the [Quick start guide](https://passlock.dev/getting-started/)
+
+[client]: https://www.npmjs.com/package/@passlock/client

package/README.template.md

@@ -0,0 +1,45 @@
+<!-- 
+The pnpm script build:readme replaces tokens 
+in README.template.md and outputs to README.md 
+-->
+<div align="center">
+  <a href="#{GITHUB_REPO}#">
+    <img src="#{PASSLOCK_LOGO}#" alt="Passlock logo" width="80" height="80">
+  </a>
+</div>
+
+<div align="center">
+  <picture align="center">
+    <source srcset="#{ASSETS}#/images/client-repo-banner.dark.svg" media="(prefers-color-scheme: dark)" />
+    <img align="center" width=550 height=50 src="#{ASSETS}#/images/client-repo-banner.svg" />
+  </picture>
+  <p align="center">
+    Server-side library to accompany the <a href="https://www.npmjs.com/package/@passlock/client">@passlock/client</a> package
+    <br />
+    <a href="#{PASSLOCK_SITE}#"><strong>Project website »</strong></a>
+    <br />
+    <a href="#{GITHUB_REPO}#">GitHub</a>
+    ·
+    <a href="#{DOCS}#">Documentation</a>
+    ·
+    <a href="#{TUTORIAL}#">Quick start</a>
+    ·
+    <a href="#{DEMO}#">Demo</a>   
+  </p>
+</div>
+
+<br />
+
+## See also
+
+For frontend usage please see the accompanying [@passlock/client][client] package
+
+## Requirements
+
+Node 20+ (If running Node)
+
+## Usage
+
+Please see the [Quick start guide](#{TUTORIAL}#)
+
+[client]: https://www.npmjs.com/package/@passlock/client

package/dist/effect.d.ts

@@ -0,0 +1,7 @@
+export type { AssignUserOptions, ListPasskeyOptions, } from "./passkey/passkey.js";
+export { assignUser, deletePasskey, getPasskey, listPasskeys, } from "./passkey/passkey.js";
+export type {} from "./principal/principal.js";
+export { exchangeCode, VerificationError, verifyIdToken, } from "./principal/principal.js";
+export * from "./schemas/index.js";
+export type { AuthenticatedOptions, PasslockOptions, } from "./shared.js";
+//# sourceMappingURL=effect.d.ts.map

package/dist/effect.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"effect.d.ts","sourceRoot":"","sources":["../src/effect.ts"],"names":[],"mappings":"AAAA,YAAY,EACV,iBAAiB,EACjB,kBAAkB,GACnB,MAAM,sBAAsB,CAAA;AAC7B,OAAO,EACL,UAAU,EACV,aAAa,EACb,UAAU,EACV,YAAY,GACb,MAAM,sBAAsB,CAAA;AAC7B,YAAY,EAAE,MAAM,0BAA0B,CAAA;AAC9C,OAAO,EACL,YAAY,EACZ,iBAAiB,EACjB,aAAa,GACd,MAAM,0BAA0B,CAAA;AACjC,cAAc,oBAAoB,CAAA;AAClC,YAAY,EACV,oBAAoB,EACpB,eAAe,GAChB,MAAM,aAAa,CAAA"}

package/dist/effect.js

@@ -0,0 +1,4 @@
+export { assignUser, deletePasskey, getPasskey, listPasskeys, } from "./passkey/passkey.js";
+export { exchangeCode, VerificationError, verifyIdToken, } from "./principal/principal.js";
+export * from "./schemas/index.js";
+//# sourceMappingURL=effect.js.map

package/dist/effect.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"effect.js","sourceRoot":"","sources":["../src/effect.ts"],"names":[],"mappings":"AAIA,OAAO,EACL,UAAU,EACV,aAAa,EACb,UAAU,EACV,YAAY,GACb,MAAM,sBAAsB,CAAA;AAE7B,OAAO,EACL,YAAY,EACZ,iBAAiB,EACjB,aAAa,GACd,MAAM,0BAA0B,CAAA;AACjC,cAAc,oBAAoB,CAAA","sourcesContent":["export type {\n  AssignUserOptions,\n  ListPasskeyOptions,\n} from \"./passkey/passkey.js\"\nexport {\n  assignUser,\n  deletePasskey,\n  getPasskey,\n  listPasskeys,\n} from \"./passkey/passkey.js\"\nexport type {} from \"./principal/principal.js\"\nexport {\n  exchangeCode,\n  VerificationError,\n  verifyIdToken,\n} from \"./principal/principal.js\"\nexport * from \"./schemas/index.js\"\nexport type {\n  AuthenticatedOptions,\n  PasslockOptions,\n} from \"./shared.js\"\n"]}

package/dist/errors.d.ts

@@ -0,0 +1,71 @@
+/**
+ * @category Authentication
+ */
+export type UnauthorizedError = {
+    _tag: "@error/Unauthorized";
+    message: string;
+};
+export declare const isUnauthorizedError: (payload: unknown) => payload is UnauthorizedError;
+/**
+ * @category Authentication
+ */
+export type ForbiddenError = {
+    _tag: "@error/Forbidden";
+    message: string;
+};
+export declare const isForbiddenError: (payload: unknown) => payload is ForbiddenError;
+/**
+ * @category Principal
+ */
+export type InvalidCodeError = {
+    _tag: "@error/InvalidCode";
+    message: string;
+};
+export declare const isInvalidCodeError: (payload: unknown) => payload is InvalidCodeError;
+/**
+ * @category Principal
+ */
+export type VerificationError = {
+    _tag: "@error/Verification";
+    message: string;
+};
+export declare const isVerificationError: (payload: unknown) => payload is VerificationError;
+export type InvalidTenancyError = {
+    _tag: "@error/InvalidTenancy";
+    message: string;
+};
+export declare const isInvalidTenancyError: (payload: unknown) => payload is InvalidTenancyError;
+/**
+ * Error payload returned when a passkey cannot be found for a given
+ * authentication attempt.
+ *
+ * @category Passkeys
+ */
+export type PasskeyNotFoundError = {
+    _tag: "@error/PasskeyNotFound";
+    message: string;
+    credentialId: string;
+    rpId: string;
+};
+export declare const isPasskeyNotFoundError: (payload: unknown) => payload is PasskeyNotFoundError;
+export type NotFoundError = {
+    _tag: "@error/NotFound";
+    message: string;
+};
+export declare const isNotFoundError: (payload: unknown) => payload is NotFoundError;
+export type InvalidEmailError = {
+    _tag: "@error/InvalidEmail";
+    message: string;
+};
+export declare const isInvalidEmailError: (payload: unknown) => payload is InvalidEmailError;
+export type DuplicateEmailError = {
+    _tag: "@error/DuplicateEmail";
+    message: string;
+};
+export declare const isDuplicateEmailError: (payload: unknown) => payload is DuplicateEmailError;
+export type BadRequestError = {
+    _tag: "@error/BadRequest";
+    message: string;
+};
+export declare const isBadRequestError: (payload: unknown) => payload is BadRequestError;
+//# sourceMappingURL=errors.d.ts.map

package/dist/errors.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AAsBA;;GAEG;AACH,MAAM,MAAM,iBAAiB,GAAG;IAC9B,IAAI,EAAE,qBAAqB,CAAA;IAC3B,OAAO,EAAE,MAAM,CAAA;CAChB,CAAA;AAED,eAAO,MAAM,mBAAmB,YArBpB,OAAO,KAAG,OAAO,qBAuB5B,CAAA;AAID;;GAEG;AACH,MAAM,MAAM,cAAc,GAAG;IAC3B,IAAI,EAAE,kBAAkB,CAAA;IACxB,OAAO,EAAE,MAAM,CAAA;CAChB,CAAA;AAED,eAAO,MAAM,gBAAgB,YAnCjB,OAAO,KAAG,OAAO,kBAmC+C,CAAA;AAI5E;;GAEG;AACH,MAAM,MAAM,gBAAgB,GAAG;IAC7B,IAAI,EAAE,oBAAoB,CAAA;IAC1B,OAAO,EAAE,MAAM,CAAA;CAChB,CAAA;AAED,eAAO,MAAM,kBAAkB,YA/CnB,OAAO,KAAG,OAAO,oBAgDqB,CAAA;AAIlD;;GAEG;AACH,MAAM,MAAM,iBAAiB,GAAG;IAC9B,IAAI,EAAE,qBAAqB,CAAA;IAC3B,OAAO,EAAE,MAAM,CAAA;CAChB,CAAA;AAED,eAAO,MAAM,mBAAmB,YA5DpB,OAAO,KAAG,OAAO,qBA8D5B,CAAA;AAID,MAAM,MAAM,mBAAmB,GAAG;IAChC,IAAI,EAAE,uBAAuB,CAAA;IAC7B,OAAO,EAAE,MAAM,CAAA;CAChB,CAAA;AAED,eAAO,MAAM,qBAAqB,YAvEtB,OAAO,KAAG,OAAO,uBAyE5B,CAAA;AAID;;;;;GAKG;AACH,MAAM,MAAM,oBAAoB,GAAG;IACjC,IAAI,EAAE,wBAAwB,CAAA;IAC9B,OAAO,EAAE,MAAM,CAAA;IACf,YAAY,EAAE,MAAM,CAAA;IACpB,IAAI,EAAE,MAAM,CAAA;CACb,CAAA;AAED,eAAO,MAAM,sBAAsB,YA1FvB,OAAO,KAAG,OAAO,wBA4F5B,CAAA;AAID,MAAM,MAAM,aAAa,GAAG;IAC1B,IAAI,EAAE,iBAAiB,CAAA;IACvB,OAAO,EAAE,MAAM,CAAA;CAChB,CAAA;AAED,eAAO,MAAM,eAAe,YArGhB,OAAO,KAAG,OAAO,iBAqG4C,CAAA;AAIzE,MAAM,MAAM,iBAAiB,GAAG;IAC9B,IAAI,EAAE,qBAAqB,CAAA;IAC3B,OAAO,EAAE,MAAM,CAAA;CAChB,CAAA;AAED,eAAO,MAAM,mBAAmB,YA9GpB,OAAO,KAAG,OAAO,qBAgH5B,CAAA;AAID,MAAM,MAAM,mBAAmB,GAAG;IAChC,IAAI,EAAE,uBAAuB,CAAA;IAC7B,OAAO,EAAE,MAAM,CAAA;CAChB,CAAA;AAED,eAAO,MAAM,qBAAqB,YAzHtB,OAAO,KAAG,OAAO,uBA2H5B,CAAA;AAID,MAAM,MAAM,eAAe,GAAG;IAC5B,IAAI,EAAE,mBAAmB,CAAA;IACzB,OAAO,EAAE,MAAM,CAAA;CAChB,CAAA;AAED,eAAO,MAAM,iBAAiB,YApIlB,OAAO,KAAG,OAAO,mBAoIkD,CAAA"}

package/dist/errors.js

@@ -0,0 +1,30 @@
+/*
+ * Publicly exposed errors.
+ * The errors we receive from the API live in the schemas/errors.ts module.
+ * The errors here have the same shape but they are simple types
+ * so are easier for non Effect consumers to handle.
+ */
+const isTagged = (tag) => (payload) => {
+    if (typeof payload !== "object")
+        return false;
+    if (payload === null)
+        return false;
+    if (!("_tag" in payload))
+        return false;
+    if (typeof payload._tag !== "string")
+        return false;
+    if (payload._tag !== tag)
+        return false;
+    return true;
+};
+export const isUnauthorizedError = isTagged("@error/Unauthorized");
+export const isForbiddenError = isTagged("@error/Forbidden");
+export const isInvalidCodeError = isTagged("@error/InvalidCode");
+export const isVerificationError = isTagged("@error/Verification");
+export const isInvalidTenancyError = isTagged("@error/InvalidTenancy");
+export const isPasskeyNotFoundError = isTagged("@error/PasskeyNotFound");
+export const isNotFoundError = isTagged("@error/NotFound");
+export const isInvalidEmailError = isTagged("@error/InvalidEmail");
+export const isDuplicateEmailError = isTagged("@error/DuplicateEmail");
+export const isBadRequestError = isTagged("@error/BadRequest");
+//# sourceMappingURL=errors.js.map

package/dist/errors.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"errors.js","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,MAAM,QAAQ,GACZ,CAA6B,GAAc,EAAE,EAAE,CAC/C,CAAC,OAAgB,EAAgB,EAAE;IACjC,IAAI,OAAO,OAAO,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAA;IAC7C,IAAI,OAAO,KAAK,IAAI;QAAE,OAAO,KAAK,CAAA;IAElC,IAAI,CAAC,CAAC,MAAM,IAAI,OAAO,CAAC;QAAE,OAAO,KAAK,CAAA;IACtC,IAAI,OAAO,OAAO,CAAC,IAAI,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAA;IAClD,IAAI,OAAO,CAAC,IAAI,KAAK,GAAG;QAAE,OAAO,KAAK,CAAA;IAEtC,OAAO,IAAI,CAAA;AACb,CAAC,CAAA;AAYH,MAAM,CAAC,MAAM,mBAAmB,GAAG,QAAQ,CACzC,qBAAqB,CACtB,CAAA;AAYD,MAAM,CAAC,MAAM,gBAAgB,GAAG,QAAQ,CAAiB,kBAAkB,CAAC,CAAA;AAY5E,MAAM,CAAC,MAAM,kBAAkB,GAC7B,QAAQ,CAAmB,oBAAoB,CAAC,CAAA;AAYlD,MAAM,CAAC,MAAM,mBAAmB,GAAG,QAAQ,CACzC,qBAAqB,CACtB,CAAA;AASD,MAAM,CAAC,MAAM,qBAAqB,GAAG,QAAQ,CAC3C,uBAAuB,CACxB,CAAA;AAiBD,MAAM,CAAC,MAAM,sBAAsB,GAAG,QAAQ,CAC5C,wBAAwB,CACzB,CAAA;AASD,MAAM,CAAC,MAAM,eAAe,GAAG,QAAQ,CAAgB,iBAAiB,CAAC,CAAA;AASzE,MAAM,CAAC,MAAM,mBAAmB,GAAG,QAAQ,CACzC,qBAAqB,CACtB,CAAA;AASD,MAAM,CAAC,MAAM,qBAAqB,GAAG,QAAQ,CAC3C,uBAAuB,CACxB,CAAA;AASD,MAAM,CAAC,MAAM,iBAAiB,GAAG,QAAQ,CAAkB,mBAAmB,CAAC,CAAA","sourcesContent":["/*\n * Publicly exposed errors.\n * The errors we receive from the API live in the schemas/errors.ts module.\n * The errors here have the same shape but they are simple types\n * so are easier for non Effect consumers to handle.\n */\n\nconst isTagged =\n  <A extends { _tag: string }>(tag: A[\"_tag\"]) =>\n  (payload: unknown): payload is A => {\n    if (typeof payload !== \"object\") return false\n    if (payload === null) return false\n\n    if (!(\"_tag\" in payload)) return false\n    if (typeof payload._tag !== \"string\") return false\n    if (payload._tag !== tag) return false\n\n    return true\n  }\n\n/* Unauthorized */\n\n/**\n * @category Authentication\n */\nexport type UnauthorizedError = {\n  _tag: \"@error/Unauthorized\"\n  message: string\n}\n\nexport const isUnauthorizedError = isTagged<UnauthorizedError>(\n  \"@error/Unauthorized\"\n)\n\n/* Forbidden */\n\n/**\n * @category Authentication\n */\nexport type ForbiddenError = {\n  _tag: \"@error/Forbidden\"\n  message: string\n}\n\nexport const isForbiddenError = isTagged<ForbiddenError>(\"@error/Forbidden\")\n\n/* InvalidCode */\n\n/**\n * @category Principal\n */\nexport type InvalidCodeError = {\n  _tag: \"@error/InvalidCode\"\n  message: string\n}\n\nexport const isInvalidCodeError =\n  isTagged<InvalidCodeError>(\"@error/InvalidCode\")\n\n/* VerificationFailure */\n\n/**\n * @category Principal\n */\nexport type VerificationError = {\n  _tag: \"@error/Verification\"\n  message: string\n}\n\nexport const isVerificationError = isTagged<VerificationError>(\n  \"@error/Verification\"\n)\n\n/* InvalidTenancy */\n\nexport type InvalidTenancyError = {\n  _tag: \"@error/InvalidTenancy\"\n  message: string\n}\n\nexport const isInvalidTenancyError = isTagged<InvalidTenancyError>(\n  \"@error/InvalidTenancy\"\n)\n\n/* PasskeyNotFound */\n\n/**\n * Error payload returned when a passkey cannot be found for a given\n * authentication attempt.\n *\n * @category Passkeys\n */\nexport type PasskeyNotFoundError = {\n  _tag: \"@error/PasskeyNotFound\"\n  message: string\n  credentialId: string\n  rpId: string\n}\n\nexport const isPasskeyNotFoundError = isTagged<PasskeyNotFoundError>(\n  \"@error/PasskeyNotFound\"\n)\n\n/* NotFound */\n\nexport type NotFoundError = {\n  _tag: \"@error/NotFound\"\n  message: string\n}\n\nexport const isNotFoundError = isTagged<NotFoundError>(\"@error/NotFound\")\n\n/* InvalidEmail */\n\nexport type InvalidEmailError = {\n  _tag: \"@error/InvalidEmail\"\n  message: string\n}\n\nexport const isInvalidEmailError = isTagged<InvalidEmailError>(\n  \"@error/InvalidEmail\"\n)\n\n/* DuplicateEmail */\n\nexport type DuplicateEmailError = {\n  _tag: \"@error/DuplicateEmail\"\n  message: string\n}\n\nexport const isDuplicateEmailError = isTagged<DuplicateEmailError>(\n  \"@error/DuplicateEmail\"\n)\n\n/* BadRequest */\n\nexport type BadRequestError = {\n  _tag: \"@error/BadRequest\"\n  message: string\n}\n\nexport const isBadRequestError = isTagged<BadRequestError>(\"@error/BadRequest\")\n"]}

package/dist/index.d.ts

@@ -0,0 +1,115 @@
+/**
+ * Unsafe functions that could potentially throw errors.
+ *
+ * @categoryDescription Passkeys
+ * Functions and related types for managing passkeys
+ *
+ * @showCategories
+ *
+ * @module unsafe
+ */
+import type { AssignUserOptions, DeletePasskeyOptions, FindAllPasskeys, GetPasskeyOptions, ListPasskeyOptions, Passkey, UpdatedPasskeyUsernames, UpdatePasskeyOptions, UpdatePasskeyUsernamesOptions } from "./passkey/passkey.js";
+import type { ExchangeCodeOptions, VerifyIdTokenOptions } from "./principal/principal.js";
+import type { ExtendedPrincipal, Principal } from "./schemas/principal.js";
+/**
+ * Call the Passlock backend API to assign a userId to an authenticator
+ *
+ * @param request
+ * @returns A promise resolving to the updated passkey.
+ * @throws {@link NotFoundError} if passkey does not exist
+ * @throws {@link ForbiddenError} if the Tenancy ID or API key is invalid
+ *
+ * @category Passkeys
+ */
+export declare const assignUser: (request: AssignUserOptions) => Promise<Passkey>;
+/**
+ * Call the Passlock backend API to update passkey properties
+ *
+ * @param request
+ * @returns A promise resolving to the updated passkey.
+ * @throws {@link NotFoundError} if passkey does not exist
+ * @throws {@link ForbiddenError} if the Tenancy ID or API key is invalid
+ *
+ * @category Passkeys
+ */
+export declare const updatePasskey: (request: UpdatePasskeyOptions) => Promise<Passkey>;
+/**
+ * Call the Passlock backend API to update all passkeys for a given user
+ *
+ * @param request
+ * @returns A promise resolving to updated usernames for matching passkeys.
+ * @throws {@link NotFoundError} if no passkeys are found for the given user
+ * @throws {@link ForbiddenError} if the Tenancy ID or API key is invalid
+ *
+ * @category Passkeys
+ */
+export declare const updatePasskeyUsernames: (request: UpdatePasskeyUsernamesOptions) => Promise<UpdatedPasskeyUsernames>;
+/**
+ * Call the Passlock backend API to delete an authenticator
+ *
+ * @param options
+ * @returns A promise resolving to the deleted passkey.
+ * @throws {@link NotFoundError} if passkey does not exist
+ * @throws {@link ForbiddenError} if the Tenancy ID or API key is invalid
+ *
+ * @category Passkeys
+ */
+export declare const deletePasskey: (options: DeletePasskeyOptions) => Promise<Passkey>;
+/**
+ * Call the Passlock backend API to fetch an authenticator
+ *
+ * @param options
+ * @returns A promise resolving to the passkey.
+ * @throws {@link NotFoundError} if passkey does not exist
+ * @throws {@link ForbiddenError} if the Tenancy ID or API key is invalid
+ *
+ * @category Passkeys
+ */
+export declare const getPasskey: (options: GetPasskeyOptions) => Promise<Passkey>;
+/**
+ * List passkeys for the given tenancy. Note this could return a cursor,
+ * in which case the function should be called again with the given cursor.
+ *
+ * @param options
+ * @returns A promise resolving to a page of passkey summaries.
+ * @throws {@link ForbiddenError} if the Tenancy ID or API key is invalid
+ *
+ * @category Passkeys
+ */
+export declare const listPasskeys: (options: ListPasskeyOptions) => Promise<FindAllPasskeys>;
+/**
+ * Call the Passlock backend API to exchange a code for an ExtendedPrincipal
+ *
+ * @param options
+ * @returns A promise resolving to an extended principal.
+ * @throws {@link InvalidCodeError} if the code is invalid or expired
+ * @throws {@link ForbiddenError} if the Tenancy ID or API key is invalid
+ *
+ * @category Principal
+ */
+export declare const exchangeCode: (options: ExchangeCodeOptions) => Promise<ExtendedPrincipal>;
+/**
+ * Decode and verify a Passlock `id_token` (JWT).
+ * Note: This will make a network call to
+ * `https://api.passlock.dev/.well-known/jwks.json` (or your configured `endpoint`)
+ * to fetch the relevant public key. The response will be cached, however
+ * bear in mind that for something like AWS Lambda it will make the call on every
+ * cold start so might actually be slower than {@link exchangeCode}
+ *
+ * @param options
+ * @returns A promise resolving to the verified principal.
+ * @throws {@link VerificationError} if token verification fails
+ *
+ * @category Principal
+ */
+export declare const verifyIdToken: (options: VerifyIdTokenOptions) => Promise<Principal>;
+export type { BadRequestError, DuplicateEmailError, ForbiddenError, InvalidCodeError, InvalidEmailError, InvalidTenancyError, NotFoundError, PasskeyNotFoundError, UnauthorizedError, VerificationError, } from "./errors.js";
+export { isBadRequestError, isDuplicateEmailError, isForbiddenError, isInvalidCodeError, isInvalidEmailError, isInvalidTenancyError, isNotFoundError, isPasskeyNotFoundError, isUnauthorizedError, isVerificationError, } from "./errors.js";
+export type { AssignUserOptions, Credential, DeletePasskeyOptions, FindAllPasskeys, GetPasskeyOptions, ListPasskeyOptions, Passkey, PasskeySummary, Platform, UpdatedPasskeys, UpdatedPasskeyUsernames, UpdatePasskeyOptions, UpdatePasskeyUsernamesOptions, } from "./passkey/passkey.js";
+export { isPasskey, isPasskeySummary, isUpdatedPasskeys, isUpdatedPasskeyUsernames, } from "./passkey/passkey.js";
+export type { ExchangeCodeOptions, VerifyIdTokenOptions, } from "./principal/principal.js";
+export type { CredentialDeviceType, Transports, } from "./schemas/passkey.js";
+export type { ExtendedPrincipal, Principal } from "./schemas/principal.js";
+export { isExtendedPrincipal, isPrincipal } from "./schemas/principal.js";
+export type { AuthenticatedOptions, PasslockOptions, } from "./shared.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAGH,OAAO,KAAK,EACV,iBAAiB,EACjB,oBAAoB,EACpB,eAAe,EACf,iBAAiB,EACjB,kBAAkB,EAClB,OAAO,EACP,uBAAuB,EACvB,oBAAoB,EACpB,6BAA6B,EAC9B,MAAM,sBAAsB,CAAA;AAS7B,OAAO,KAAK,EACV,mBAAmB,EACnB,oBAAoB,EACrB,MAAM,0BAA0B,CAAA;AAKjC,OAAO,KAAK,EAAE,iBAAiB,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAA;AAE1E;;;;;;;;;GASG;AACH,eAAO,MAAM,UAAU,GAAI,SAAS,iBAAiB,KAAG,OAAO,CAAC,OAAO,CACxB,CAAA;AAE/C;;;;;;;;;GASG;AACH,eAAO,MAAM,aAAa,GACxB,SAAS,oBAAoB,KAC5B,OAAO,CAAC,OAAO,CAAqD,CAAA;AAEvE;;;;;;;;;GASG;AACH,eAAO,MAAM,sBAAsB,GACjC,SAAS,6BAA6B,KACrC,OAAO,CAAC,uBAAuB,CACyB,CAAA;AAE3D;;;;;;;;;GASG;AACH,eAAO,MAAM,aAAa,GACxB,SAAS,oBAAoB,KAC5B,OAAO,CAAC,OAAO,CAAqD,CAAA;AAEvE;;;;;;;;;GASG;AACH,eAAO,MAAM,UAAU,GAAI,SAAS,iBAAiB,KAAG,OAAO,CAAC,OAAO,CACxB,CAAA;AAE/C;;;;;;;;;GASG;AACH,eAAO,MAAM,YAAY,GACvB,SAAS,kBAAkB,KAC1B,OAAO,CAAC,eAAe,CAAoD,CAAA;AAE9E;;;;;;;;;GASG;AACH,eAAO,MAAM,YAAY,GACvB,SAAS,mBAAmB,KAC3B,OAAO,CAAC,iBAAiB,CAAoD,CAAA;AAEhF;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,aAAa,GACxB,SAAS,oBAAoB,KAC5B,OAAO,CAAC,SAAS,CAAqD,CAAA;AAIzE,YAAY,EACV,eAAe,EACf,mBAAmB,EACnB,cAAc,EACd,gBAAgB,EAChB,iBAAiB,EACjB,mBAAmB,EACnB,aAAa,EACb,oBAAoB,EACpB,iBAAiB,EACjB,iBAAiB,GAClB,MAAM,aAAa,CAAA;AACpB,OAAO,EACL,iBAAiB,EACjB,qBAAqB,EACrB,gBAAgB,EAChB,kBAAkB,EAClB,mBAAmB,EACnB,qBAAqB,EACrB,eAAe,EACf,sBAAsB,EACtB,mBAAmB,EACnB,mBAAmB,GACpB,MAAM,aAAa,CAAA;AACpB,YAAY,EACV,iBAAiB,EACjB,UAAU,EACV,oBAAoB,EACpB,eAAe,EACf,iBAAiB,EACjB,kBAAkB,EAClB,OAAO,EACP,cAAc,EACd,QAAQ,EACR,eAAe,EACf,uBAAuB,EACvB,oBAAoB,EACpB,6BAA6B,GAC9B,MAAM,sBAAsB,CAAA;AAC7B,OAAO,EACL,SAAS,EACT,gBAAgB,EAChB,iBAAiB,EACjB,yBAAyB,GAC1B,MAAM,sBAAsB,CAAA;AAC7B,YAAY,EACV,mBAAmB,EACnB,oBAAoB,GACrB,MAAM,0BAA0B,CAAA;AACjC,YAAY,EACV,oBAAoB,EACpB,UAAU,GACX,MAAM,sBAAsB,CAAA;AAC7B,YAAY,EAAE,iBAAiB,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAA;AAC1E,OAAO,EAAE,mBAAmB,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAA;AACzE,YAAY,EACV,oBAAoB,EACpB,eAAe,GAChB,MAAM,aAAa,CAAA"}

package/dist/index.js

@@ -0,0 +1,109 @@
+/**
+ * Unsafe functions that could potentially throw errors.
+ *
+ * @categoryDescription Passkeys
+ * Functions and related types for managing passkeys
+ *
+ * @showCategories
+ *
+ * @module unsafe
+ */
+import { Effect, pipe } from "effect";
+import { assignUser as assignUserE, deletePasskey as deletePasskeyE, getPasskey as getPasskeyE, listPasskeys as listPasskeysE, updatePasskey as updatePasskeyE, updatePasskeyUsernames as updatePasskeyUsernamesE, } from "./passkey/passkey.js";
+import { exchangeCode as exchangeCodeE, verifyIdToken as verifyIdTokenE, } from "./principal/principal.js";
+/**
+ * Call the Passlock backend API to assign a userId to an authenticator
+ *
+ * @param request
+ * @returns A promise resolving to the updated passkey.
+ * @throws {@link NotFoundError} if passkey does not exist
+ * @throws {@link ForbiddenError} if the Tenancy ID or API key is invalid
+ *
+ * @category Passkeys
+ */
+export const assignUser = (request) => pipe(assignUserE(request), Effect.runPromise);
+/**
+ * Call the Passlock backend API to update passkey properties
+ *
+ * @param request
+ * @returns A promise resolving to the updated passkey.
+ * @throws {@link NotFoundError} if passkey does not exist
+ * @throws {@link ForbiddenError} if the Tenancy ID or API key is invalid
+ *
+ * @category Passkeys
+ */
+export const updatePasskey = (request) => pipe(updatePasskeyE(request), Effect.runPromise);
+/**
+ * Call the Passlock backend API to update all passkeys for a given user
+ *
+ * @param request
+ * @returns A promise resolving to updated usernames for matching passkeys.
+ * @throws {@link NotFoundError} if no passkeys are found for the given user
+ * @throws {@link ForbiddenError} if the Tenancy ID or API key is invalid
+ *
+ * @category Passkeys
+ */
+export const updatePasskeyUsernames = (request) => pipe(updatePasskeyUsernamesE(request), Effect.runPromise);
+/**
+ * Call the Passlock backend API to delete an authenticator
+ *
+ * @param options
+ * @returns A promise resolving to the deleted passkey.
+ * @throws {@link NotFoundError} if passkey does not exist
+ * @throws {@link ForbiddenError} if the Tenancy ID or API key is invalid
+ *
+ * @category Passkeys
+ */
+export const deletePasskey = (options) => pipe(deletePasskeyE(options), Effect.runPromise);
+/**
+ * Call the Passlock backend API to fetch an authenticator
+ *
+ * @param options
+ * @returns A promise resolving to the passkey.
+ * @throws {@link NotFoundError} if passkey does not exist
+ * @throws {@link ForbiddenError} if the Tenancy ID or API key is invalid
+ *
+ * @category Passkeys
+ */
+export const getPasskey = (options) => pipe(getPasskeyE(options), Effect.runPromise);
+/**
+ * List passkeys for the given tenancy. Note this could return a cursor,
+ * in which case the function should be called again with the given cursor.
+ *
+ * @param options
+ * @returns A promise resolving to a page of passkey summaries.
+ * @throws {@link ForbiddenError} if the Tenancy ID or API key is invalid
+ *
+ * @category Passkeys
+ */
+export const listPasskeys = (options) => pipe(listPasskeysE(options), Effect.runPromise);
+/**
+ * Call the Passlock backend API to exchange a code for an ExtendedPrincipal
+ *
+ * @param options
+ * @returns A promise resolving to an extended principal.
+ * @throws {@link InvalidCodeError} if the code is invalid or expired
+ * @throws {@link ForbiddenError} if the Tenancy ID or API key is invalid
+ *
+ * @category Principal
+ */
+export const exchangeCode = (options) => pipe(exchangeCodeE(options), Effect.runPromise);
+/**
+ * Decode and verify a Passlock `id_token` (JWT).
+ * Note: This will make a network call to
+ * `https://api.passlock.dev/.well-known/jwks.json` (or your configured `endpoint`)
+ * to fetch the relevant public key. The response will be cached, however
+ * bear in mind that for something like AWS Lambda it will make the call on every
+ * cold start so might actually be slower than {@link exchangeCode}
+ *
+ * @param options
+ * @returns A promise resolving to the verified principal.
+ * @throws {@link VerificationError} if token verification fails
+ *
+ * @category Principal
+ */
+export const verifyIdToken = (options) => pipe(verifyIdTokenE(options), Effect.runPromise);
+export { isBadRequestError, isDuplicateEmailError, isForbiddenError, isInvalidCodeError, isInvalidEmailError, isInvalidTenancyError, isNotFoundError, isPasskeyNotFoundError, isUnauthorizedError, isVerificationError, } from "./errors.js";
+export { isPasskey, isPasskeySummary, isUpdatedPasskeys, isUpdatedPasskeyUsernames, } from "./passkey/passkey.js";
+export { isExtendedPrincipal, isPrincipal } from "./schemas/principal.js";
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,QAAQ,CAAA;AAYrC,OAAO,EACL,UAAU,IAAI,WAAW,EACzB,aAAa,IAAI,cAAc,EAC/B,UAAU,IAAI,WAAW,EACzB,YAAY,IAAI,aAAa,EAC7B,aAAa,IAAI,cAAc,EAC/B,sBAAsB,IAAI,uBAAuB,GAClD,MAAM,sBAAsB,CAAA;AAK7B,OAAO,EACL,YAAY,IAAI,aAAa,EAC7B,aAAa,IAAI,cAAc,GAChC,MAAM,0BAA0B,CAAA;AAGjC;;;;;;;;;GASG;AACH,MAAM,CAAC,MAAM,UAAU,GAAG,CAAC,OAA0B,EAAoB,EAAE,CACzE,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC,UAAU,CAAC,CAAA;AAE/C;;;;;;;;;GASG;AACH,MAAM,CAAC,MAAM,aAAa,GAAG,CAC3B,OAA6B,EACX,EAAE,CAAC,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC,UAAU,CAAC,CAAA;AAEvE;;;;;;;;;GASG;AACH,MAAM,CAAC,MAAM,sBAAsB,GAAG,CACpC,OAAsC,EACJ,EAAE,CACpC,IAAI,CAAC,uBAAuB,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC,UAAU,CAAC,CAAA;AAE3D;;;;;;;;;GASG;AACH,MAAM,CAAC,MAAM,aAAa,GAAG,CAC3B,OAA6B,EACX,EAAE,CAAC,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC,UAAU,CAAC,CAAA;AAEvE;;;;;;;;;GASG;AACH,MAAM,CAAC,MAAM,UAAU,GAAG,CAAC,OAA0B,EAAoB,EAAE,CACzE,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC,UAAU,CAAC,CAAA;AAE/C;;;;;;;;;GASG;AACH,MAAM,CAAC,MAAM,YAAY,GAAG,CAC1B,OAA2B,EACD,EAAE,CAAC,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC,UAAU,CAAC,CAAA;AAE9E;;;;;;;;;GASG;AACH,MAAM,CAAC,MAAM,YAAY,GAAG,CAC1B,OAA4B,EACA,EAAE,CAAC,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC,UAAU,CAAC,CAAA;AAEhF;;;;;;;;;;;;;GAaG;AACH,MAAM,CAAC,MAAM,aAAa,GAAG,CAC3B,OAA6B,EACT,EAAE,CAAC,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC,UAAU,CAAC,CAAA;AAgBzE,OAAO,EACL,iBAAiB,EACjB,qBAAqB,EACrB,gBAAgB,EAChB,kBAAkB,EAClB,mBAAmB,EACnB,qBAAqB,EACrB,eAAe,EACf,sBAAsB,EACtB,mBAAmB,EACnB,mBAAmB,GACpB,MAAM,aAAa,CAAA;AAgBpB,OAAO,EACL,SAAS,EACT,gBAAgB,EAChB,iBAAiB,EACjB,yBAAyB,GAC1B,MAAM,sBAAsB,CAAA;AAU7B,OAAO,EAAE,mBAAmB,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAA","sourcesContent":["/**\n * Unsafe functions that could potentially throw errors.\n *\n * @categoryDescription Passkeys\n * Functions and related types for managing passkeys\n *\n * @showCategories\n *\n * @module unsafe\n */\n\nimport { Effect, pipe } from \"effect\"\nimport type {\n  AssignUserOptions,\n  DeletePasskeyOptions,\n  FindAllPasskeys,\n  GetPasskeyOptions,\n  ListPasskeyOptions,\n  Passkey,\n  UpdatedPasskeyUsernames,\n  UpdatePasskeyOptions,\n  UpdatePasskeyUsernamesOptions,\n} from \"./passkey/passkey.js\"\nimport {\n  assignUser as assignUserE,\n  deletePasskey as deletePasskeyE,\n  getPasskey as getPasskeyE,\n  listPasskeys as listPasskeysE,\n  updatePasskey as updatePasskeyE,\n  updatePasskeyUsernames as updatePasskeyUsernamesE,\n} from \"./passkey/passkey.js\"\nimport type {\n  ExchangeCodeOptions,\n  VerifyIdTokenOptions,\n} from \"./principal/principal.js\"\nimport {\n  exchangeCode as exchangeCodeE,\n  verifyIdToken as verifyIdTokenE,\n} from \"./principal/principal.js\"\nimport type { ExtendedPrincipal, Principal } from \"./schemas/principal.js\"\n\n/**\n * Call the Passlock backend API to assign a userId to an authenticator\n *\n * @param request\n * @returns A promise resolving to the updated passkey.\n * @throws {@link NotFoundError} if passkey does not exist\n * @throws {@link ForbiddenError} if the Tenancy ID or API key is invalid\n *\n * @category Passkeys\n */\nexport const assignUser = (request: AssignUserOptions): Promise<Passkey> =>\n  pipe(assignUserE(request), Effect.runPromise)\n\n/**\n * Call the Passlock backend API to update passkey properties\n *\n * @param request\n * @returns A promise resolving to the updated passkey.\n * @throws {@link NotFoundError} if passkey does not exist\n * @throws {@link ForbiddenError} if the Tenancy ID or API key is invalid\n *\n * @category Passkeys\n */\nexport const updatePasskey = (\n  request: UpdatePasskeyOptions\n): Promise<Passkey> => pipe(updatePasskeyE(request), Effect.runPromise)\n\n/**\n * Call the Passlock backend API to update all passkeys for a given user\n *\n * @param request\n * @returns A promise resolving to updated usernames for matching passkeys.\n * @throws {@link NotFoundError} if no passkeys are found for the given user\n * @throws {@link ForbiddenError} if the Tenancy ID or API key is invalid\n *\n * @category Passkeys\n */\nexport const updatePasskeyUsernames = (\n  request: UpdatePasskeyUsernamesOptions\n): Promise<UpdatedPasskeyUsernames> =>\n  pipe(updatePasskeyUsernamesE(request), Effect.runPromise)\n\n/**\n * Call the Passlock backend API to delete an authenticator\n *\n * @param options\n * @returns A promise resolving to the deleted passkey.\n * @throws {@link NotFoundError} if passkey does not exist\n * @throws {@link ForbiddenError} if the Tenancy ID or API key is invalid\n *\n * @category Passkeys\n */\nexport const deletePasskey = (\n  options: DeletePasskeyOptions\n): Promise<Passkey> => pipe(deletePasskeyE(options), Effect.runPromise)\n\n/**\n * Call the Passlock backend API to fetch an authenticator\n *\n * @param options\n * @returns A promise resolving to the passkey.\n * @throws {@link NotFoundError} if passkey does not exist\n * @throws {@link ForbiddenError} if the Tenancy ID or API key is invalid\n *\n * @category Passkeys\n */\nexport const getPasskey = (options: GetPasskeyOptions): Promise<Passkey> =>\n  pipe(getPasskeyE(options), Effect.runPromise)\n\n/**\n * List passkeys for the given tenancy. Note this could return a cursor,\n * in which case the function should be called again with the given cursor.\n *\n * @param options\n * @returns A promise resolving to a page of passkey summaries.\n * @throws {@link ForbiddenError} if the Tenancy ID or API key is invalid\n *\n * @category Passkeys\n */\nexport const listPasskeys = (\n  options: ListPasskeyOptions\n): Promise<FindAllPasskeys> => pipe(listPasskeysE(options), Effect.runPromise)\n\n/**\n * Call the Passlock backend API to exchange a code for an ExtendedPrincipal\n *\n * @param options\n * @returns A promise resolving to an extended principal.\n * @throws {@link InvalidCodeError} if the code is invalid or expired\n * @throws {@link ForbiddenError} if the Tenancy ID or API key is invalid\n *\n * @category Principal\n */\nexport const exchangeCode = (\n  options: ExchangeCodeOptions\n): Promise<ExtendedPrincipal> => pipe(exchangeCodeE(options), Effect.runPromise)\n\n/**\n * Decode and verify a Passlock `id_token` (JWT).\n * Note: This will make a network call to\n * `https://api.passlock.dev/.well-known/jwks.json` (or your configured `endpoint`)\n * to fetch the relevant public key. The response will be cached, however\n * bear in mind that for something like AWS Lambda it will make the call on every\n * cold start so might actually be slower than {@link exchangeCode}\n *\n * @param options\n * @returns A promise resolving to the verified principal.\n * @throws {@link VerificationError} if token verification fails\n *\n * @category Principal\n */\nexport const verifyIdToken = (\n  options: VerifyIdTokenOptions\n): Promise<Principal> => pipe(verifyIdTokenE(options), Effect.runPromise)\n\n/* Re-exports */\n\nexport type {\n  BadRequestError,\n  DuplicateEmailError,\n  ForbiddenError,\n  InvalidCodeError,\n  InvalidEmailError,\n  InvalidTenancyError,\n  NotFoundError,\n  PasskeyNotFoundError,\n  UnauthorizedError,\n  VerificationError,\n} from \"./errors.js\"\nexport {\n  isBadRequestError,\n  isDuplicateEmailError,\n  isForbiddenError,\n  isInvalidCodeError,\n  isInvalidEmailError,\n  isInvalidTenancyError,\n  isNotFoundError,\n  isPasskeyNotFoundError,\n  isUnauthorizedError,\n  isVerificationError,\n} from \"./errors.js\"\nexport type {\n  AssignUserOptions,\n  Credential,\n  DeletePasskeyOptions,\n  FindAllPasskeys,\n  GetPasskeyOptions,\n  ListPasskeyOptions,\n  Passkey,\n  PasskeySummary,\n  Platform,\n  UpdatedPasskeys,\n  UpdatedPasskeyUsernames,\n  UpdatePasskeyOptions,\n  UpdatePasskeyUsernamesOptions,\n} from \"./passkey/passkey.js\"\nexport {\n  isPasskey,\n  isPasskeySummary,\n  isUpdatedPasskeys,\n  isUpdatedPasskeyUsernames,\n} from \"./passkey/passkey.js\"\nexport type {\n  ExchangeCodeOptions,\n  VerifyIdTokenOptions,\n} from \"./principal/principal.js\"\nexport type {\n  CredentialDeviceType,\n  Transports,\n} from \"./schemas/passkey.js\"\nexport type { ExtendedPrincipal, Principal } from \"./schemas/principal.js\"\nexport { isExtendedPrincipal, isPrincipal } from \"./schemas/principal.js\"\nexport type {\n  AuthenticatedOptions,\n  PasslockOptions,\n} from \"./shared.js\"\n"]}

package/dist/network.d.ts

@@ -0,0 +1,134 @@
+import { Context, Effect, Layer } from "effect";
+/**
+ * Supported HTTP methods accepted by {@link fetchNetwork}.
+ */
+export type NetworkMethod = "get" | "post" | "delete" | "patch";
+/**
+ * Lightweight response model used by this package.
+ *
+ * Invariants:
+ * - `json` is lazy: parsing only happens when the effect is run.
+ * - `json` is memoized per response wrapper, so repeated evaluation does not
+ *   parse the same payload multiple times.
+ */
+export interface NetworkResponse {
+    readonly status: number;
+    readonly statusText: string;
+    readonly statusMessage: string;
+    readonly headers: Readonly<Record<string, string>>;
+    readonly json: Effect.Effect<unknown, NetworkResponseError>;
+}
+/**
+ * Accepted request header input formats.
+ */
+export type NetworkHeaders = Headers | Readonly<Record<string, string>> | Array<[string, string]>;
+/**
+ * Optional request options for {@link fetchNetwork}.
+ */
+export interface FetchNetworkOptions {
+    readonly headers?: NetworkHeaders;
+}
+declare const NetworkFetch_base: Context.TagClass<NetworkFetch, "NetworkFetch", typeof fetch>;
+/**
+ * Effect service tag for the fetch implementation.
+ *
+ * Supply this service with `Effect.provide` / layers to swap fetch behavior
+ * in tests or alternate runtimes.
+ */
+export declare class NetworkFetch extends NetworkFetch_base {
+}
+/**
+ * Default live fetch layer backed by `globalThis.fetch`.
+ */
+export declare const NetworkFetchLive: Layer.Layer<NetworkFetch>;
+/**
+ * HTTP status buckets used by {@link matchStatus}.
+ */
+export type NetworkResponseStatusCase = "2xx" | "3xx" | "4xx" | "5xx";
+type MatchStatusHandler<Resp extends NetworkResponse = NetworkResponse, A = unknown, E = unknown> = (response: Resp) => Effect.Effect<A, E, never>;
+type HandlerEffect<Cases extends MatchStatusCases<Resp>, Resp extends NetworkResponse, Case extends NetworkResponseStatusCase | "orElse"> = Case extends keyof Cases ? NonNullable<Cases[Case]> extends MatchStatusHandler<Resp> ? ReturnType<NonNullable<Cases[Case]>> : never : never;
+type MatchStatusEffectUnion<Cases extends MatchStatusCases<Resp>, Resp extends NetworkResponse> = HandlerEffect<Cases, Resp, "2xx"> | HandlerEffect<Cases, Resp, "3xx"> | HandlerEffect<Cases, Resp, "4xx"> | HandlerEffect<Cases, Resp, "5xx"> | HandlerEffect<Cases, Resp, "orElse">;
+type EffectSuccess<T> = T extends Effect.Effect<infer A, unknown, unknown> ? A : never;
+type EffectError<T> = T extends Effect.Effect<unknown, infer E, unknown> ? E : never;
+type EffectContext<T> = T extends Effect.Effect<unknown, unknown, infer R> ? R : never;
+/**
+ * Handlers used by {@link matchStatus}.
+ *
+ * Invariants:
+ * - `orElse` is always required.
+ * - Specific status family handlers are optional and fall back to `orElse`
+ *   when missing.
+ */
+export interface MatchStatusCases<Resp extends NetworkResponse = NetworkResponse> {
+    readonly "2xx"?: MatchStatusHandler<Resp>;
+    readonly "3xx"?: MatchStatusHandler<Resp>;
+    readonly "4xx"?: MatchStatusHandler<Resp>;
+    readonly "5xx"?: MatchStatusHandler<Resp>;
+    readonly orElse: MatchStatusHandler<Resp>;
+}
+declare const NetworkRequestError_base: new <A extends Record<string, any> = {}>(args: import("effect/Types").Equals<A, {}> extends true ? void : { readonly [P in keyof A as P extends "_tag" ? never : P]: A[P]; }) => import("effect/Cause").YieldableError & {
+    readonly _tag: "@error/NetworkRequest";
+} & Readonly<A>;
+/**
+ * Raised when the underlying fetch call fails before a response is received.
+ */
+export declare class NetworkRequestError extends NetworkRequestError_base<{
+    readonly method: NetworkMethod;
+    readonly url: string;
+    readonly message: string;
+}> {
+}
+declare const NetworkPayloadError_base: new <A extends Record<string, any> = {}>(args: import("effect/Types").Equals<A, {}> extends true ? void : { readonly [P in keyof A as P extends "_tag" ? never : P]: A[P]; }) => import("effect/Cause").YieldableError & {
+    readonly _tag: "@error/NetworkPayload";
+} & Readonly<A>;
+/**
+ * Raised when request payload serialization fails.
+ */
+export declare class NetworkPayloadError extends NetworkPayloadError_base<{
+    readonly method: NetworkMethod;
+    readonly message: string;
+}> {
+}
+declare const NetworkResponseError_base: new <A extends Record<string, any> = {}>(args: import("effect/Types").Equals<A, {}> extends true ? void : { readonly [P in keyof A as P extends "_tag" ? never : P]: A[P]; }) => import("effect/Cause").YieldableError & {
+    readonly _tag: "@error/NetworkResponse";
+} & Readonly<A>;
+/**
+ * Raised when response body parsing fails.
+ */
+export declare class NetworkResponseError extends NetworkResponseError_base<{
+    readonly method: NetworkMethod;
+    readonly url: string;
+    readonly message: string;
+}> {
+}
+/**
+ * Convert an HTTP status code into its status family bucket.
+ *
+ * Returns `undefined` for codes outside the 2xx-5xx families.
+ */
+export declare const statusToCase: (status: number) => NetworkResponseStatusCase | undefined;
+/**
+ * Route a {@link NetworkResponse} to the first matching status-family handler.
+ *
+ * Invariants:
+ * - `2xx`/`3xx`/`4xx`/`5xx` handlers are matched by status family.
+ * - `orElse` is always used as a fallback when no specific family handler exists.
+ * - The returned effect type is inferred as the union of all handler effects.
+ */
+export declare const matchStatus: <Resp extends NetworkResponse, Cases extends MatchStatusCases<Resp>>(response: Resp, cases: Cases) => Effect.Effect<EffectSuccess<MatchStatusEffectUnion<Cases, Resp>>, EffectError<MatchStatusEffectUnion<Cases, Resp>>, EffectContext<MatchStatusEffectUnion<Cases, Resp>>>;
+/**
+ * Convert `Headers` into a readonly plain record.
+ */
+export declare const headersToRecord: (headers: Headers) => Readonly<Record<string, string>>;
+/**
+ * Execute a fetch request using the injected {@link NetworkFetch} service.
+ *
+ * Invariants:
+ * - method is always normalized to upper-case before dispatch.
+ * - JSON payload (if present) is serialized before request execution.
+ * - caller headers override payload-derived headers when keys overlap.
+ * - the returned `NetworkResponse.json` remains lazy.
+ */
+export declare const fetchNetwork: (url: string | URL, method: NetworkMethod, payload?: unknown, options?: FetchNetworkOptions) => Effect.Effect<NetworkResponse, NetworkRequestError | NetworkPayloadError, NetworkFetch>;
+export {};
+//# sourceMappingURL=network.d.ts.map

package/dist/network.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"network.d.ts","sourceRoot":"","sources":["../src/network.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAQ,MAAM,EAAE,KAAK,EAAE,MAAM,QAAQ,CAAA;AAErD;;GAEG;AACH,MAAM,MAAM,aAAa,GAAG,KAAK,GAAG,MAAM,GAAG,QAAQ,GAAG,OAAO,CAAA;AAE/D;;;;;;;GAOG;AACH,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAA;IACvB,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAA;IAC3B,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAA;IAC9B,QAAQ,CAAC,OAAO,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAA;IAClD,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC,MAAM,CAAC,OAAO,EAAE,oBAAoB,CAAC,CAAA;CAC5D;AAED;;GAEG;AACH,MAAM,MAAM,cAAc,GACtB,OAAO,GACP,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,GAChC,KAAK,CAAC,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAA;AAE3B;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,QAAQ,CAAC,OAAO,CAAC,EAAE,cAAc,CAAA;CAClC;;AAED;;;;;GAKG;AACH,qBAAa,YAAa,SAAQ,iBAG/B;CAAG;AAEN;;GAEG;AACH,eAAO,MAAM,gBAAgB,EAAE,KAAK,CAAC,KAAK,CAAC,YAAY,CAGtD,CAAA;AAED;;GAEG;AACH,MAAM,MAAM,yBAAyB,GAAG,KAAK,GAAG,KAAK,GAAG,KAAK,GAAG,KAAK,CAAA;AAErE,KAAK,kBAAkB,CACrB,IAAI,SAAS,eAAe,GAAG,eAAe,EAC9C,CAAC,GAAG,OAAO,EACX,CAAC,GAAG,OAAO,IACT,CAAC,QAAQ,EAAE,IAAI,KAAK,MAAM,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC,EAAE,KAAK,CAAC,CAAA;AAElD,KAAK,aAAa,CAChB,KAAK,SAAS,gBAAgB,CAAC,IAAI,CAAC,EACpC,IAAI,SAAS,eAAe,EAC5B,IAAI,SAAS,yBAAyB,GAAG,QAAQ,IAC/C,IAAI,SAAS,MAAM,KAAK,GACxB,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,SAAS,kBAAkB,CAAC,IAAI,CAAC,GACvD,UAAU,CAAC,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,GACpC,KAAK,GACP,KAAK,CAAA;AAET,KAAK,sBAAsB,CACzB,KAAK,SAAS,gBAAgB,CAAC,IAAI,CAAC,EACpC,IAAI,SAAS,eAAe,IAE1B,aAAa,CAAC,KAAK,EAAE,IAAI,EAAE,KAAK,CAAC,GACjC,aAAa,CAAC,KAAK,EAAE,IAAI,EAAE,KAAK,CAAC,GACjC,aAAa,CAAC,KAAK,EAAE,IAAI,EAAE,KAAK,CAAC,GACjC,aAAa,CAAC,KAAK,EAAE,IAAI,EAAE,KAAK,CAAC,GACjC,aAAa,CAAC,KAAK,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAA;AASxC,KAAK,aAAa,CAAC,CAAC,IAClB,CAAC,SAAS,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,GAAG,KAAK,CAAA;AAEhE,KAAK,WAAW,CAAC,CAAC,IAChB,CAAC,SAAS,MAAM,CAAC,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,EAAE,OAAO,CAAC,GAAG,CAAC,GAAG,KAAK,CAAA;AAEhE,KAAK,aAAa,CAAC,CAAC,IAClB,CAAC,SAAS,MAAM,CAAC,MAAM,CAAC,OAAO,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC,GAAG,CAAC,GAAG,KAAK,CAAA;AAEhE;;;;;;;GAOG;AACH,MAAM,WAAW,gBAAgB,CAC/B,IAAI,SAAS,eAAe,GAAG,eAAe;IAE9C,QAAQ,CAAC,KAAK,CAAC,EAAE,kBAAkB,CAAC,IAAI,CAAC,CAAA;IACzC,QAAQ,CAAC,KAAK,CAAC,EAAE,kBAAkB,CAAC,IAAI,CAAC,CAAA;IACzC,QAAQ,CAAC,KAAK,CAAC,EAAE,kBAAkB,CAAC,IAAI,CAAC,CAAA;IACzC,QAAQ,CAAC,KAAK,CAAC,EAAE,kBAAkB,CAAC,IAAI,CAAC,CAAA;IACzC,QAAQ,CAAC,MAAM,EAAE,kBAAkB,CAAC,IAAI,CAAC,CAAA;CAC1C;;;;AAOD;;GAEG;AACH,qBAAa,mBAAoB,SAAQ,yBAEvC;IACA,QAAQ,CAAC,MAAM,EAAE,aAAa,CAAA;IAC9B,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAA;IACpB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAA;CACzB,CAAC;CAAG;;;;AAEL;;GAEG;AACH,qBAAa,mBAAoB,SAAQ,yBAEvC;IACA,QAAQ,CAAC,MAAM,EAAE,aAAa,CAAA;IAC9B,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAA;CACzB,CAAC;CAAG;;;;AAEL;;GAEG;AACH,qBAAa,oBAAqB,SAAQ,0BAExC;IACA,QAAQ,CAAC,MAAM,EAAE,aAAa,CAAA;IAC9B,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAA;IACpB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAA;CACzB,CAAC;CAAG;AAKL;;;;GAIG;AACH,eAAO,MAAM,YAAY,GACvB,QAAQ,MAAM,KACb,yBAAyB,GAAG,SAO9B,CAAA;AAiBD;;;;;;;GAOG;AACH,eAAO,MAAM,WAAW,GACtB,IAAI,SAAS,eAAe,EAC5B,KAAK,SAAS,gBAAgB,CAAC,IAAI,CAAC,EAEpC,UAAU,IAAI,EACd,OAAO,KAAK,KACX,MAAM,CAAC,MAAM,CACd,aAAa,CAAC,sBAAsB,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC,EAClD,WAAW,CAAC,sBAAsB,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC,EAChD,aAAa,CAAC,sBAAsB,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC,CASjD,CAAA;AA8CH;;GAEG;AACH,eAAO,MAAM,eAAe,GAC1B,SAAS,OAAO,KACf,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAA0C,CAAA;AAwD5E;;;;;;;;GAQG;AACH,eAAO,MAAM,YAAY,GACvB,KAAK,MAAM,GAAG,GAAG,EACjB,QAAQ,aAAa,EACrB,UAAU,OAAO,EACjB,UAAU,mBAAmB,KAC5B,MAAM,CAAC,MAAM,CACd,eAAe,EACf,mBAAmB,GAAG,mBAAmB,EACzC,YAAY,CAsCV,CAAA"}